In Alaska, top cybersecurity official says state’s remoteness makes it vulnerable but touts resiliency
Alaska’s remoteness from the rest of the country means a cyberattack on its infrastructure — including ports, electrical stations or water plants — could cause big problems.
Among the various agencies working to prevent such attacks is the Cybersecurity and Infrastructure Security Agency, or CISA, whose deputy director, Nitin Natarajan, visited Alaska recently for the Alaska Cybersecurity Summit in Anchorage.
Natarajan says as the threat of cyberattacks has shifted, they’re affecting everyday people more and more.
Listen:
[Sign up for Alaska Public Media’s daily newsletter to get our top stories delivered to your inbox.]
This interview has been lightly edited for length and clarity.
Nitin Natarajan: You know, we’re seeing an interesting dynamic as we look at the victim landscape here across the United States. And traditionally, you know, a lot of people thought cyber victims were large Fortune 100 companies, they were federal government agencies, the military, kind of these types of big targets that folks were focused on. And what we’re actually seeing now is, targets aren’t just those large companies.
We’re seeing attacks against small- and medium-sized businesses. We’re seeing attacks in urban and rural America. And we’re seeing attacks against healthcare facilities, water utilities, things that disrupt and impact the way of life of day-to-day Americans. And so we want to make sure that across Alaska, both for critical infrastructure and, frankly, for the public at large, are understanding the potential threats that we’re seeing across the world and how they apply to them locally, and the work that we can do together to help build more resilience.
Casey Grove: Are there potential victims in Alaska that are, sort of, Alaska-specific that you have seen?
NN: So I think, not necessarily separate from a type of or category of infrastructure, but what I would offer is definitely the criticality of the infrastructure is very different here, right? So I mean, I had a great time yesterday to talk with the folks at Port of Alaska and really understand the criticality of the Port of Alaska, versus a a port in the Lower 48, right, where you have options.
So if we look at, most recently, the tragedy of the bridge collapse in Baltimore, alright, I mean, that required us to pivot a lot of our options and to move product to Philadelphia or to Newark and to other areas. So there was an impact. But there were options. If Port of Alaska went down, where’s the option? And how do we deal with that? And what does that impact, again, the day to day lives of Alaska? And so I think that there’s, while the category of infrastructure may not be any different, the criticality of that infrastructure really is there.
CG: Yeah. Just, I guess, using the port as an example, how might a cyber attack affect the Port of Alaska?
NN: So I think there’s a lot of different potential factors as we look at introducing new technology, new capability into what we do. All that technology is, you know, what we say, “expands our attack surface,” right? It introduces potential vulnerabilities and potential risks to the organization. I mean, Port of Alaska shared, you know, there, a lot of the infrastructure we see in other parts of the country that are concerning about cranes. And those types of things are not an issue here. Actually, the cranes here are U.S. made but are in the process of being replaced, right? So there is no internet connectivity there.
But as we look at new technology, what does that look like? And how do we make sure that we are looking at security and taking that into effect as we look at all the modernization efforts? So when you think about the port itself, right, the potential vectors for attack are great. You have a lot of different companies … you have IT systems running everything from trucks to human capital, and billing and paperwork and financing. You know, there’s a lot of potential avenues to disrupt, kind, of that day-to-day activity. And that could, not to be that there’s not workarounds, a lot of people, you know, they talk about going back to paper, and you always have those capabilities to do that. But that often will have an impact.
CG: Yeah. So I guess it’s not so much about our proximity to maybe Russia or China as much as the consequences of an attack here, maybe being a bigger deal?
NN: Yeah, I think, you know, geographic distance, obviously, in cyber, as cyber is a global issue, the border don’t really matter, distance really doesn’t matter. The attacks are coming from all over the globe. So I think from that perspective, the location, it is more that consequence than location. But I do think, you know, the phrase I’ve heard repeatedly over the last 48 hours, it’s resonated, is, you know, “Alaska is an island.” And so I think there’s also that aspect of it that, you know, there was that geographic element of it that does, frankly, make it I think, more appealing to some as a potential target.
CG: Well, I guess that begs the question, I mean, how are we doing? You’ve done these tours. You know, are we, I don’t know what, on a scale of one to 10 or like a letter grade average, like, how are we doing?
NN: There’s a lot of great collaboration here in Alaska. And, you know, what was very clear to me over the last two days, but frankly, even in the conversations I’ve had with our regional teams in the months and years prior, that the community coming together here, and Alaska really has been instrumental, the partnership, the collaboration has been key to helping each other to really coming up with novel and innovative ways to tackle challenges.
So I think that there’s really been, that sense of community and collaboration is extremely strong here. In Alaska, we actually have four staff here in Anchorage. We have cybersecurity advisors, physical security advisors and emergency communications experts here. And they’ve been working with state and local partners, with tribal partners and with the private sector for a long time. And I think that collaboration and partnership really has been key in building that resilience. I’m not sure there’s way to rack and stack entities or necessarily to score them. But what we found is that the communities that essentially are more collaborative are more resilient, and there is strong collaboration and strong resilience here.
CG: I just have one more question: What is your email password?
NN: (laughs)
Casey Grove is host of Alaska News Nightly, a general assignment reporter and an editor at Alaska Public Media. Reach him at cgrove@alaskapublic.org. Read more about Casey here.